The GNU Privacy Guard (GPG) is a command-line tool, available on all platforms, used for encrypting documents and text. It is an implementation of a standard known as Pretty Good Privacy (PGP).
gnupg can be installed via Brew.
gpg can be installed using pacman and so forth on Linux.
Generate a key pair with gpg --full-generate-key for the full available options or gpg --gen-key to use the default options.
In both cases the user must provide a name, email, and password, but using the --full-generate-key option will enable the user to specify the algorithm, key size, and expiration date.
After generating a key pair, immediately generate a revocation certificate.
gpg --output revoke.asc --gen-revoke <ID>
Once the first key is generated, the gpg tool will create a directory in the user's home, ~/.gnupg, where the key will live.
You can list all keypairs by using the command,
gpg --list-secret-keys
After listing the keys using the gpg --list-secret-keys command, you can export your public key as a binary file.
gpg --output filename.gpg --export <ID/EMAIL>
<ID/EMAIL> is either the ID displayed when we list the keys or the email associated with the key.
To export it in ASCII-armored format, we can use the --armor option. However, we need to make sure that we route the output to a file, since it will print to stdout otherwise.
gpg --armor --export <ID> > outputfile.pub
To import a key, use the following command.
gpg --import daedelus.gpg
To encrypt a document, use the following command.
gpg --output <OUTPUTFILE> --encrypt --recipient <EMAIL> <FILENAME>
This will encrypt <FILENAME> and produce a file <OUTPUTFILE>. In order to decrypt it, the recipient with <EMAIL> must be imported into the local keyring.
To decrypt a document, use the following command.
gpg --output <OUTPUTFILE> --decrypt <FILENAME>
<OUTPUTFILE> is the cleartext filename and <FILENAME> is the encrypted document. As long as the original recipient email's public key is in your local keyring, it will automatically use that key.
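
The export, import, encrypt and decrypt steps above, run end to end in two throwaway keyrings so it is visible which keyring needs which half of the key pair: the sender needs only the recipient's public key, and only the keyring holding the matching secret key can decrypt. This is an added example, not part of the original page; it assumes GnuPG 2.1 or later, and the identity alice@example.test, the function name roundtrip_demo, the empty passphrase and --trust-model always are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: throwaway keyrings and a constructed identity; ~/.gnupg is never touched.
ID='alice@example.test'          # constructed address, not from the page

roundtrip_demo() {
    work=$(mktemp -d) || return 1
    alice="$work/alice"; bob="$work/bob"   # recipient keyring / sender keyring
    mkdir -m 700 "$alice" "$bob" || return 1
    rc=0

    # Recipient: create a key pair. Empty passphrase only because this is a demo.
    gpg --homedir "$alice" --batch --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "Alice Example <$ID>" default default never \
        2>/dev/null || rc=1

    # Recipient: export only the public half, ASCII-armored.
    gpg --homedir "$alice" --armor --export "$ID" > "$work/alice.pub" || rc=1

    # Sender: import the public key, then encrypt to it.
    # --trust-model always skips the ownership check for the demo; on a real
    # keyring, compare the key fingerprint with the owner before trusting it.
    gpg --homedir "$bob" --batch --import "$work/alice.pub" 2>/dev/null || rc=1
    printf 'constructed sample message\n' > "$work/msg.txt"
    gpg --homedir "$bob" --batch --trust-model always --output "$work/msg.gpg" \
        --encrypt --recipient "$ID" "$work/msg.txt" 2>/dev/null || rc=1

    # Sender holds no secret key, so decryption must fail in that keyring.
    if gpg --homedir "$bob" --batch --output "$work/bob.txt" \
        --decrypt "$work/msg.gpg" 2>/dev/null; then rc=1; fi

    # Recipient holds the secret key, so decryption succeeds there.
    gpg --homedir "$alice" --batch --output "$work/out.txt" \
        --decrypt "$work/msg.gpg" 2>/dev/null || rc=1
    cmp -s "$work/msg.txt" "$work/out.txt" || rc=1

    # Stop the per-keyring agents and remove the scratch directory.
    gpgconf --homedir "$alice" --kill gpg-agent 2>/dev/null
    gpgconf --homedir "$bob" --kill gpg-agent 2>/dev/null
    rm -rf "$work"
    return "$rc"
}

if command -v gpg >/dev/null 2>&1; then
    roundtrip_demo && echo "round trip OK"
fi
```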